use of org.xipki.ca.certprofile.x509.jaxb.ExtensionType in project xipki by xipki.
the class ProfileConfCreatorDemo method certprofileTls.
// method certprofileScep
private static X509ProfileType certprofileTls() throws Exception {
X509ProfileType profile = getBaseProfile("certprofile tls", X509CertLevel.EndEntity, "5y", true);
profile.setDuplicateKey(true);
// Subject
Subject subject = profile.getSubject();
subject.setDuplicateSubjectPermitted(true);
subject.setIncSerialNumber(false);
List<RdnType> rdnControls = subject.getRdn();
rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, new String[] { REGEX_FQDN }, null, null));
// Extensions
// Extensions - general
ExtensionsType extensions = profile.getExtensions();
// SubjectToSubjectAltName
extensions.setSubjectToSubjectAltNames(new SubjectToSubjectAltNamesType());
SubjectToSubjectAltNameType s2sType = new SubjectToSubjectAltNameType();
extensions.getSubjectToSubjectAltNames().getSubjectToSubjectAltName().add(s2sType);
s2sType.setSource(createOidType(ObjectIdentifiers.DN_CN));
s2sType.setTarget(new Target());
s2sType.getTarget().setDnsName("");
// Extensions - controls
List<ExtensionType> list = extensions.getExtension();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - SubjectAltNames
SubjectAltName subjectAltNameMode = new SubjectAltName();
subjectAltNameMode.setDnsName("");
subjectAltNameMode.setIpAddress("");
ExtensionValueType extensionValue = createExtensionValueType(subjectAltNameMode);
list.add(createExtension(Extension.subjectAlternativeName, true, false, extensionValue));
// Extensions - basicConstraints
extensionValue = null;
list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
// Extensions - AuthorityInfoAccess
extensionValue = createAuthorityInfoAccess();
list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
// Extensions - AuthorityKeyIdentifier
extensionValue = createAuthorityKeyIdentifier(true);
list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
// Extensions - keyUsage
extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.DATA_ENCIPHERMENT, KeyUsageEnum.KEY_ENCIPHERMENT }, null);
list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
// Extensions - extenedKeyUsage
extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_serverAuth }, new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth });
list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue));
// Extensions - tlsFeature
extensionValue = createTlsFeature(new TlsExtensionType[] { TlsExtensionType.STATUS_REQUEST, TlsExtensionType.CLIENT_CERTIFICATE_URL });
list.add(createExtension(ObjectIdentifiers.id_pe_tlsfeature, true, true, extensionValue));
// Extensions - SMIMECapabilities
extensionValue = createSmimeCapabilities();
list.add(createExtension(ObjectIdentifiers.id_smimeCapabilities, true, false, extensionValue));
return profile;
}
use of org.xipki.ca.certprofile.x509.jaxb.ExtensionType in project xipki by xipki.
the class ProfileConfCreatorDemo method certprofileSubCaComplex.
// method certprofileSubCa
private static X509ProfileType certprofileSubCaComplex() throws Exception {
X509ProfileType profile = getBaseProfile("certprofile subca-complex (with most extensions)", X509CertLevel.SubCA, "8y", false);
// Subject
Subject subject = profile.getSubject();
subject.setIncSerialNumber(false);
List<RdnType> rdnControls = subject.getRdn();
rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, null, "PREFIX ", " SUFFIX"));
// Extensions
ExtensionsType extensions = profile.getExtensions();
List<ExtensionType> list = extensions.getExtension();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - basicConstraints
ExtensionValueType extensionValue = createBasicConstraints(1);
list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
// Extensions - AuthorityInfoAccess
extensionValue = createAuthorityInfoAccess();
list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
// Extensions - AuthorityKeyIdentifier
extensionValue = createAuthorityKeyIdentifier(false);
list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
// Extensions - keyUsage
extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.KEY_CERT_SIGN }, new KeyUsageEnum[] { KeyUsageEnum.CRL_SIGN });
list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
// Certificate Policies
extensionValue = createCertificatePolicies(new ASN1ObjectIdentifier("1.2.3.4.5"), new ASN1ObjectIdentifier("2.4.3.2.1"));
list.add(createExtension(Extension.certificatePolicies, true, false, extensionValue));
// Policy Mappings
PolicyMappings policyMappings = new PolicyMappings();
policyMappings.getMapping().add(createPolicyIdMapping(new ASN1ObjectIdentifier("1.1.1.1.1"), new ASN1ObjectIdentifier("2.1.1.1.1")));
policyMappings.getMapping().add(createPolicyIdMapping(new ASN1ObjectIdentifier("1.1.1.1.2"), new ASN1ObjectIdentifier("2.1.1.1.2")));
extensionValue = createExtensionValueType(policyMappings);
list.add(createExtension(Extension.policyMappings, true, true, extensionValue));
// Policy Constraints
PolicyConstraints policyConstraints = createPolicyConstraints(2, 2);
extensionValue = createExtensionValueType(policyConstraints);
list.add(createExtension(Extension.policyConstraints, true, true, extensionValue));
// Name Constrains
NameConstraints nameConstraints = createNameConstraints();
extensionValue = createExtensionValueType(nameConstraints);
list.add(createExtension(Extension.nameConstraints, true, true, extensionValue));
// Inhibit anyPolicy
InhibitAnyPolicy inhibitAnyPolicy = createInhibitAnyPolicy(1);
extensionValue = createExtensionValueType(inhibitAnyPolicy);
list.add(createExtension(Extension.inhibitAnyPolicy, true, true, extensionValue));
// SubjectAltName
SubjectAltName subjectAltNameMode = new SubjectAltName();
OtherName otherName = new OtherName();
otherName.getType().add(createOidType(ObjectIdentifiers.DN_O));
subjectAltNameMode.setOtherName(otherName);
subjectAltNameMode.setRfc822Name("");
subjectAltNameMode.setDnsName("");
subjectAltNameMode.setDirectoryName("");
subjectAltNameMode.setEdiPartyName("");
subjectAltNameMode.setUniformResourceIdentifier("");
subjectAltNameMode.setIpAddress("");
subjectAltNameMode.setRegisteredID("");
extensionValue = createExtensionValueType(subjectAltNameMode);
list.add(createExtension(Extension.subjectAlternativeName, true, false, extensionValue));
// SubjectInfoAccess
SubjectInfoAccess subjectInfoAccessMode = new SubjectInfoAccess();
SubjectInfoAccess.Access access = new SubjectInfoAccess.Access();
subjectInfoAccessMode.getAccess().add(access);
access.setAccessMethod(createOidType(ObjectIdentifiers.id_ad_caRepository));
GeneralNameType accessLocation = new GeneralNameType();
access.setAccessLocation(accessLocation);
accessLocation.setDirectoryName("");
accessLocation.setUniformResourceIdentifier("");
extensionValue = createExtensionValueType(subjectInfoAccessMode);
list.add(createExtension(Extension.subjectInfoAccess, true, false, extensionValue));
// Custom Extension
ASN1ObjectIdentifier customExtensionOid = new ASN1ObjectIdentifier("1.2.3.4");
extensionValue = createConstantExtValue(DERNull.INSTANCE.getEncoded(), "DER Null");
list.add(createExtension(customExtensionOid, true, false, extensionValue, "custom extension 1"));
return profile;
}
use of org.xipki.ca.certprofile.x509.jaxb.ExtensionType in project xipki by xipki.
the class ProfileConfCreatorDemo method certprofileSubCa.
// method certprofileCross
private static X509ProfileType certprofileSubCa() throws Exception {
X509ProfileType profile = getBaseProfile("certprofile subca", X509CertLevel.SubCA, "8y", false);
// Subject
Subject subject = profile.getSubject();
subject.setIncSerialNumber(false);
List<RdnType> rdnControls = subject.getRdn();
rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1));
// Extensions
ExtensionsType extensions = profile.getExtensions();
// Extensions - controls
List<ExtensionType> list = extensions.getExtension();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - basicConstraints
ExtensionValueType extensionValue = createBasicConstraints(1);
list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
// Extensions - AuthorityInfoAccess
extensionValue = createAuthorityInfoAccess();
list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
// Extensions - AuthorityKeyIdentifier
extensionValue = createAuthorityKeyIdentifier(false);
list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
// Extensions - keyUsage
extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.KEY_CERT_SIGN }, new KeyUsageEnum[] { KeyUsageEnum.CRL_SIGN });
list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
return profile;
}
use of org.xipki.ca.certprofile.x509.jaxb.ExtensionType in project xipki by xipki.
the class ProfileConfCreatorDemo method certprofileGsmcK.
// method certprofileTlsWithIncSerial
private static X509ProfileType certprofileGsmcK() throws Exception {
X509ProfileType profile = getBaseProfile("certprofile gsmc-k", X509CertLevel.EndEntity, "5y", false);
// SpecialBehavior
profile.setSpecialBehavior(SpecialX509CertprofileBehavior.gematik_gSMC_K.name());
// Maximal life time
Parameters profileParams = new Parameters();
profile.setParameters(profileParams);
NameValueType nv = new NameValueType();
nv.setName(SpecialX509CertprofileBehavior.PARAMETER_MAXLIFTIME);
nv.setValue(Integer.toString(20 * 365));
profileParams.getParameter().add(nv);
// Subject
Subject subject = profile.getSubject();
subject.setDuplicateSubjectPermitted(true);
subject.setIncSerialNumber(false);
List<RdnType> rdnControls = subject.getRdn();
rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE" }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_ST, 0, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_L, 0, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_POSTAL_CODE, 0, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_STREET, 0, 1));
// regex: ICCSN-yyyyMMdd
String regex = "80276[\\d]{15,15}-20\\d\\d(0[1-9]|1[012])(0[1-9]|[12][0-9]|3[01])";
rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, new String[] { regex }, null, null));
// Extensions
ExtensionsType extensions = profile.getExtensions();
List<ExtensionType> list = extensions.getExtension();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
// Extensions - basicConstraints
ExtensionValueType extensionValue = null;
list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
// Extensions - AuthorityInfoAccess
extensionValue = createAuthorityInfoAccess();
list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
// Extensions - AuthorityKeyIdentifier
extensionValue = createAuthorityKeyIdentifier(true);
list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
// Extensions - keyUsage
extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.KEY_ENCIPHERMENT }, null);
list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
// Extensions - extenedKeyUsage
extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_serverAuth }, new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth });
list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue));
// Extensions - Policy
CertificatePolicies policies = new CertificatePolicies();
ASN1ObjectIdentifier[] policyIds = new ASN1ObjectIdentifier[] { ID_GEMATIK.branch("79"), ID_GEMATIK.branch("163") };
for (ASN1ObjectIdentifier id : policyIds) {
CertificatePolicyInformationType policyInfo = new CertificatePolicyInformationType();
policies.getCertificatePolicyInformation().add(policyInfo);
policyInfo.setPolicyIdentifier(createOidType(id));
}
extensionValue = createExtensionValueType(policies);
list.add(createExtension(Extension.certificatePolicies, true, false, extensionValue));
// Extension - Admission
AdmissionSyntax admissionSyntax = new AdmissionSyntax();
AdmissionsType admissions = new AdmissionsType();
admissionSyntax.getContentsOfAdmissions().add(admissions);
ProfessionInfoType pi = new ProfessionInfoType();
admissions.getProfessionInfo().add(pi);
pi.getProfessionOid().add(createOidType(ID_GEMATIK.branch("103")));
pi.getProfessionItem().add("Anwendungskonnektor");
extensionValue = createExtensionValueType(admissionSyntax);
// check the syntax
XmlX509CertprofileUtil.buildAdmissionSyntax(false, admissionSyntax);
list.add(createExtension(ObjectIdentifiers.id_extension_admission, true, false, extensionValue));
// SubjectAltNames
extensionValue = null;
list.add(createExtension(Extension.subjectAlternativeName, false, false, extensionValue));
return profile;
}
use of org.xipki.ca.certprofile.x509.jaxb.ExtensionType in project xipki by xipki.
the class X509CertprofileQa method buildConstantExtesions.
public static Map<ASN1ObjectIdentifier, QaExtensionValue> buildConstantExtesions(ExtensionsType extensionsType) throws CertprofileException {
if (extensionsType == null) {
return null;
}
Map<ASN1ObjectIdentifier, QaExtensionValue> map = new HashMap<>();
for (ExtensionType m : extensionsType.getExtension()) {
if (m.getValue() == null || !(m.getValue().getAny() instanceof ConstantExtValue)) {
continue;
}
ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(m.getType().getValue());
if (Extension.subjectAlternativeName.equals(oid) || Extension.subjectInfoAccess.equals(oid) || Extension.biometricInfo.equals(oid)) {
continue;
}
ConstantExtValue extConf = (ConstantExtValue) m.getValue().getAny();
byte[] encodedValue = extConf.getValue();
ASN1StreamParser parser = new ASN1StreamParser(encodedValue);
try {
parser.readObject();
} catch (IOException ex) {
throw new CertprofileException("could not parse the constant extension value", ex);
}
QaExtensionValue extension = new QaExtensionValue(m.isCritical(), encodedValue);
map.put(oid, extension);
}
if (CollectionUtil.isEmpty(map)) {
return null;
}
return Collections.unmodifiableMap(map);
}
Aggregations